Reports circulating on social media have revealed that the Web3 social media platform Stars Arena, operating on the Avalanche network, recently fell victim to a malicious attack resulting in the loss of some funds. The exploit was brought to light by a user, Lilitch.eth, on October 5, who claimed a loss exceeding $1 million. However, the Stars Arena team swiftly responded, characterizing the incident as a “war” against the app but asserting that only approximately $2,000 had been lost, and the vulnerability had been promptly patched.
Similar to the recent challenges faced by Friend.tech, Stars Arena allows users to purchase tokenized assets known as “shares,” issued by content creators. These shares provide exclusive content or other perks to token owners. The popularity of Stars Arena has contributed to a surge in activity on the Avalanche network, with daily transactions spiking by over 186% from October 3 to 4.
Lilitch.eth’s announcement on social media triggered some skepticism, with accusations of spreading “fear, uncertainty, and doubt” (FUD). Some argued that the attackers couldn’t profit due to high transaction costs, and the Stars Arena team maintained that the exploit had been fixed, accusing attackers of using coordinated FUD to tarnish the app’s reputation.
The team conducted a Twitter Spaces event to address users, revealing that the attackers were spending $5 in gas to drain $1 from the app. In response, Lilitch.eth refuted these claims, contending that attackers ceased when gas prices made the attack unprofitable. Despite initial tensions, Lilitch.eth expressed support for Stars Arena after the patch, stating, “The conflict was resolved, we are friends now. @starsarena to the moon.”
Meanwhile, Friend.tech users have been grappling with SIM-swap attacks, prompting the team to take preventative measures on October 5 by implementing a function to remove certain login methods. The wider context of security concerns in the Web3 space highlights the ongoing challenges faced by platforms and users alike.
